*<​check|check kill> "​check"​ will show any processes that might interfere with the aircrack-ng suite. ​ It is strongly recommended that these processes be eliminated prior to using the aircrack-ng suite. ​ "check kill" will check and kill off processes that might interfere with the aircrack-ng suite. ​ For "check kill" see

===== Usage Examples =====

===== Usage Examples =====

Line 16:

Line 17:

==== Typical Uses ====

==== Typical Uses ====

-

To start wlan0 in monitor mode: airmon-ng start wlan0

+

===Check status and/or listing wireless interfaces ===

-

To start wlan0 in monitor mode on channel 8: airmon-ng ​start wlan0 8

+

~# airmon-ng

+

PHY Interface Driver Chipset

+

+

phy0 wlan0 ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n

-

To stop wlan0: airmon-ng stop wlan0

+

===Checking for interfering processes===

+

+

When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command:

**Note**: It is very important to kill the network managers before putting a card in monitor mode!

+

+

~# airmon-ng start wlan0

+

Found 5 processes that could cause trouble.

+

If airodump-ng,​ aireplay-ng or airtun-ng stops working after

+

a short period of time, you may want to kill (some of) them!

+

+

PID Name

+

718 NetworkManager

+

870 dhclient

+

1104 avahi-daemon

+

1105 avahi-daemon

+

1115 wpa_supplicant

+

+

PHY Interface Driver Chipset

+

+

phy0 wlan0 ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n

+

(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)

+

(mac80211 station mode vif disabled for [phy0]wlan0)

+

+

As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools.

+

+

===Disable monitor mode===

+

+

~# airmon-ng stop wlan0mon

+

PHY Interface Driver Chipset

+

+

phy0 wlan0mon ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n

+

(mac80211 station mode vif enabled on [phy0]wlan0)

+

(mac80211 monitor mode vif disabled for [phy0]wlan0mon)

+

+

Don't forget to restart the network manager. It is usually done with the following command:

+

+

service network-manager start

-

To check the status: airmon-ng

==== Madwifi-ng driver monitor mode ====

==== Madwifi-ng driver monitor mode ====
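Review bot: In the new "Checking for interfering processes" section, the sentence "It can also be done manually by running the following command:" is followed by the note about network managers and then by "airmon-ng start wlan0", which is the automatic path, so the manual command is never shown. Put "airmon-ng check" (and "airmon-ng check kill", which the option list already describes) directly after that sentence and give the start example its own lead-in. The hunk also removes the wlan0 example of starting on a fixed channel ("airmon-ng start wlan0 8") without a replacement, although the channel advice further down still recommends passing the channel on the initial command. "service network-manager start" is introduced with "usually"; say which distributions it applies to. Minor: "a few process" should be "a few processes".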

Line 46:

Line 111:

If you want to use ath0 (which is already used):

If you want to use ath0 (which is already used):

-

airmon-ng stop ath0

+

​airmon-ng stop ath0

And the system will respond:

And the system will respond:

Line 66:

Line 131:

You can see ath0 is gone.

You can see ath0 is gone.

-

To start ath0 in monitor mode: airmon-ng start wifi0

+

To put wifi0 in monitor mode:

+

+

​airmon-ng start wifi0

System responds:

System responds:
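Review bot: The reworded lead-in "To put wifi0 in monitor mode:" drops the interface name the old line gave ("To start ath0 in monitor mode"), directly after the text says "You can see ath0 is gone." State which interface the reader should expect to be in monitor mode after "airmon-ng start wifi0", so the "System responds:" output that follows can be checked against it.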

Line 100:

Line 167:

You can set the channel number by adding it to the end: airmon-ng start wifi0 9

You can set the channel number by adding it to the end: airmon-ng start wifi0 9

-

-

-

==== mac80211 drivers monitor mode ====

-

-

See [[install_drivers#​mac80211_versus_ieee80211_stacks|mac80211 versus ieee80211 stacks]] for some background information.

-

-

When using the mac80211 version of a driver, the use of airmon-ng and the aircrack-ng tools are slightly different.

-

-

Running:

-

-

​airmon-ng start wlan0

-

-

Gives something like:

-

-

​Interface ​ ​Chipset ​ Driver

-

-

​wlan0 ​ Intel 4965 a/​b/​g/​n ​ ​iwl4965 - [phy0]

-

(monitor mode enabled on mon0)

-

-

Notice that it created "​mon0"​. ​ You must then use "​mon0"​ in all the subsequent aircrack-ng tools as the injection interface.

-

-

To remove monitor mode enter:

-

-

​airmon-ng stop mon0
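Review bot: Removing the whole "mac80211 drivers monitor mode" section also removes the instruction that the monitor interface must be used "in all the subsequent aircrack-ng tools", and the mac80211 walkthrough added earlier in this change only says that wlan0mon was created. Carry that sentence over with the new interface name. The troubleshooting entry "mon0: ERROR while getting interface flags" stays on the page, so after this removal nothing explains what mon0 is; add a short line there or keep the link to "mac80211 versus ieee80211 stacks".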

Line 137:

Line 180:

To determine the current channel, enter "​iwlist <​interface name> channel"​. ​ If you will be working with a specific access point, then the current channel of the card should match that of the AP. In this case, it is a good idea to include the channel number when running the initial airmon-ng command.

To determine the current channel, enter "​iwlist <​interface name> channel"​. ​ If you will be working with a specific access point, then the current channel of the card should match that of the AP. In this case, it is a good idea to include the channel number when running the initial airmon-ng command.

-

-

==== BSSIDs with Spaces, Special Characters ====

-

-

See this [[faq#​how_to_use_spaces_double_quote_and_single_quote_in_ap_names|FAQ entry]] on how to define your BSSID if it has spaces, quotes, double quotes or special characters in it.

==== How Do I Put My Card Back into Managed Mode? ====

==== How Do I Put My Card Back into Managed Mode? ====
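Review bot: The removed heading said "BSSIDs with Spaces, Special Characters" while the link under it points at the FAQ entry on spaces and quotes in AP names, so dropping it from the airmon-ng page is reasonable. Check that the FAQ entry is still linked from the page of a tool that takes the network name as an argument, otherwise the pointer is lost with this removal.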

Line 165:

Line 204:

X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously.

X is the monitor interface number - 0 unless you run multiple monitoring interfaces simultaneously.

+

+

==== Debugging issues ====

+

+

airmon-ng has two options to show more information,​ which can be useful when reporting or debugging issues.

+

+

=== --verbose flag ===

+

+

It gives information about the system as well as details about the wireless card.

Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. ​ These must all be removed first per the instructions above. ​ Another problem is that the script set fields such as essid, nickname and encryptions. ​ Be sure these are all cleared.

Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. ​ These must all be removed first per the instructions above. ​ Another problem is that the script set fields such as essid, nickname and encryptions. ​ Be sure these are all cleared.

+

+

+

==== Airmon-ng says the interface is not in monitor mode ====

+

+

~# airmon-ng stop wlan0mon

+

PHY Interface Driver Chipset

+

​

+

phy0 wlan0mon ath9k_htc Atheros Communications,​ Inc. AR9271 802.11n

+

​

+

You are trying to stop a device that isn't in monitor mode.

+

Doing so is a terrible idea, if you really want to do it then you

+

need to type 'iw wlan2mon del' yourself since it is a terrible idea.

+

Most likely you want to remove an interface called wlan[0-9]mon

+

If you feel you have reached this warning in error,

+

please report it.

+

+

It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem.

+

+

==== My interface was put in monitor mode but tools says it is not ====

+

+

It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode.

+

+

Refer to the documentation above to kill network managers and put it back into monitor mode.

==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ====

==== Interface athX number rising (ath0, ath1, ath2.... ath45..) ====
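Review bot: The new "Debugging issues" section says airmon-ng "has two options to show more information", but in the lines shown only "--verbose flag" gets a subsection; name the second option or change the count. In the sample output under "Airmon-ng says the interface is not in monitor mode" the command targets wlan0mon while the quoted message mentions 'iw wlan2mon del'; confirm the output was pasted from the same session. "Refer to the documentation above" should link to the "Checking for interfering processes" section by name. Wording: "It most likely mean" should be "It most likely means", "tools says" should be "tools say", and "And the network manager put the card back in managed mode." should be joined to the sentence before it.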

Line 275:

Line 424:

mon0: ERROR while getting interface flags: No such device

mon0: ERROR while getting interface flags: No such device

-

This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. ​ Preferably you should upgrade to the latest SVN version. ​ See the [[install_aircrack|installation page]] for more details. ​ Also, don't forget you need to be root to use airmon-ng (or use sudo).

+

This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. ​ Preferably you should upgrade to the current ​version. ​ See the [[install_aircrack|installation page]] for more details. ​ Also, don't forget you need to be root to use airmon-ng (or use sudo).

+

+

==== check kill fails ====

+

+

Distros from now on are going to adopt '​upstart'​ which is going to replace the /sbin/init daemon which manages services and tasks during boot.

+

+

Basically do:

+

+

​service network-manager stop

+

​service avahi-daemon stop

+

​service upstart-udev-bridge stop

+

+

and then proceed with greping and killing the pids of dhclient and wpa_supplicant.

+

+

This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the '​tasks'​.

This section ONLY applies ​the latest SVN version ​and to some release candidate versions of the aircrack-ng suite. ​ Once they are released as "stable" ​then the documentation above will be updated.

+

Even though dmesg says the interface is already in monitor mode and "iw dev wlan0 info" ​confirms it is, [[airodump-ng]] ​will fail and report the interface data linktype is Ethernet. This is a bug in the driver and/or firmware, and the workaround is to reboot the system or to reload the driver:

-

​* "​airmon-ng check" will show any processes that might interfere with the aircrack-ng suite. ​ It is strongly recommended that these processes be eliminated prior to using the aircrack-ng suite.

+

​rmmod brcmfmac

-

​* "​airmon-ng check kill" will check and kill off processes that might interfere with the aircrack-ng suite.
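Review bot: In "check kill fails", the opening line "Distros from now on are going to adopt 'upstart'" is undated and will read wrongly once it ages; name the distribution and release the three "service ... stop" lines apply to. The next step, "proceed with greping and killing the pids of dhclient and wpa_supplicant", gives no command, unlike the service lines above it. The brcmfmac workaround promises "to reload the driver", but the only command in the lines shown is "rmmod brcmfmac"; a reload also needs the module loaded again after the unload. The paragraph about the Ethernet linktype has no visible heading of its own and replaces an unrelated note about SVN versions, so check that it lands under the right troubleshooting entry. Typo: "The trick is the kill" should be "The trick is to kill".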